Forum Discussion
ASR - Behavior Changes - Blocking under User Context Now?
- I've so far only managed to check on one endpoint that was having the issue, However it's Security Intelligence Version updated to 1.373.383.0 this morning and it is no longer showing any symptoms of the problem. So early signs are encouraging that this may be fixed.
Hi!
I got your email from Github so replying to you here. We have the same issue starting around your dates also, not sure exactly what has caused it but not all machines are affected.
After reviewing a few queries I ran in Advanced Hunting I found that the ASR rule "Block executable content from email client and webmail" GUID "be9ba2d9-53ea-4cdc-84e5-9b1eeee46550" is causing some conflict with the Outlook sign-in and also some COM add-in's.
I am deploying the ASR rules from InTune, unsure if deploying from GPO would help.
Paths are from the users %localappdata%\Microsoft\Windows\INetCache\IE\<Folderchanges per file>\
Files listed as below:
jquery-1.12.4.1.min[1].js
hrd.min[1].js
jsonstrings[1].js
jquery-1.12.4.1.min[1].js
CommonDiagnostics[1].js
knockout-3.4.2[1].js
Action Type:
AsrExecutableEmailContentBlocked
Advanced hunting query - security.microsoft.com:
